---
services_deploy_pod:
  wants:
    - "nginx"
  containers:
    nginx:
      image: "docker.io/library/nginx:{{ services_service_deploy_versions.nginx }}"
      wants:
        - "certbot"
      exec_start_pre:
        - >-
          /usr/bin/sh -c 'echo resolver $(awk '\''BEGIN{ORS=" "} $1=="nameserver" {print $2}'\''
          {{ system_etc_root_directory }}/resolv.conf) ";" > %t/resolver.conf'
      podman_run_args:
        - "-v ./.config/service/hosts:/etc/hosts:ro"
        - "-v %t/resolver.conf:/etc/nginx/resolver.conf:ro"
        - "-v ./.config/service/nginx.conf:/etc/nginx/nginx.conf:ro"
        - "-v ./.config/service/stream.conf:/etc/nginx/stream.conf:ro"
        - "-v ./.config/service/nginx-conf.d:/etc/nginx/conf.d:ro"
        - "-v ./.config/service/dhparam.pem:/etc/ssl/certs/dhparam.pem:ro"
        - "-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:\
              /etc/letsencrypt:ro"
        - "-v var-lib-letsencrypt:/var/lib/letsencrypt:ro"
        - "-v var-www-html:/var/www/html"
    certbot:
      image: "docker.io/certbot/certbot:{{ services_service_deploy_versions.certbot }}"
      binds_to:
        - "nginx"
      podman_run_args:
        - "-v {{ services_data_directory }}/{{ services_service_user_name }}/etc-letsencrypt/_data:\
              /etc/letsencrypt"
        - "-v var-lib-letsencrypt:/var/lib/letsencrypt"
        - "-v var-www-html:/var/www/html"
        - "-v ./.config/service/crontabs-root:/etc/crontabs/root"
        - "-v /etc/timezone:/etc/timezone:ro"
        - "-v /etc/localtime:/etc/localtime:ro"
        - "--entrypoint=/usr/sbin/crond"
      cmd_args:
        - "-f"